Microsoft on Tuesday delivered several patches to fix critical vulnerabilities in Office including a well-publicized Excel flaw.

In the first bulletin (MS08-014), Microsoft addressed "several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file." This vulnerability allowed a remote attacker to take control of a system, install, view and change data and create new accounts. The CVE numbers for these vulnerabilities include:

The list of folks finding these Excel vulnerabilities is long. Mike Scott of SAIC, Matt Richard of VeriSign, Greg MacManus of iDefense Labs, Yoshiya Sasaki of JFE Systems, Bing Liu of Fortinet, Cody Pierce of TippingPoint DVLabs and Moti Joseph and Dan Hubbard of Websense Security Labs all had a hand in pointing out the various vulnerabilities.

CVE-2008-0110:Microsoft issued a patch to plug a vulnerability in Outlook. According to Microsoft's description:

The vulnerability could allow remote code execution if Outlook is passed a specially crafted mailto URI. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability is not exploitable by simply viewing an e-mail through the Outlook preview pane.

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN...
Full Bio